check user device mac address without doing mac-auth
Alan DeKok
aland at deployingradius.com
Wed Mar 22 15:55:06 UTC 2023
On Mar 22, 2023, at 11:44 AM, Eby Mani via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> You can reject a user when doing 802.1X authentication if their MAC does not match an expected MAC.
>
> Are you talking about the "authorized_macs" file, or a MAC mapped (Calling-Station-Id) to a particular user in the users file?
If that's where you want to put MAC addresses, yes.
>> The device's MAC comes in the RADIUS packet. So it is trivial to match a user to a particular device.
>
> Is it not possible to grab Calling-Station-Id from Access-Request and check against db?
That's not what I said.
> Somewhere I read additional checks can be done with Calling-Station-Id when using PPP. Does this feature only work with PPP / SLIP?
No.
Alan DeKok.
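
Added example, not part of the original message and not FreeRADIUS code or configuration: a stand-alone Python sketch of the check discussed in this thread, comparing the Calling-Station-Id from an Access-Request against the MACs registered for the User-Name. The table contents, the function names and the policy of rejecting users with no registered MAC are assumptions made for illustration.

```python
import re

# Constructed sample mapping: user name -> MACs registered for that user.
AUTHORIZED_MACS = {
    "alice": {"00-11-22-33-44-55"},
    "bob": {"66:77:88:99:aa:bb", "0011.2233.4466"},
}

_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address.

    Accepts the spellings a NAS may send in Calling-Station-Id:
    00-11-22-33-44-55, 00:11:22:33:44:55, 0011.2233.4455, 001122334455.
    """
    if not value:
        return None
    digits = re.sub(r"[-:.]", "", value.strip().lower())
    return digits if _HEX12.fullmatch(digits) else None


def check_device(user_name, calling_station_id, table=AUTHORIZED_MACS):
    """Decide whether 802.1X authentication for user_name may continue.

    Returns ("reject", reason) or ("continue", reason). "continue" only means
    the MAC matched; the EAP exchange still has to authenticate the user.
    """
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return ("reject", "missing or malformed Calling-Station-Id")
    allowed = {normalize_mac(m) for m in table.get(user_name, ())}
    if not allowed:
        # Assumed policy for this example: unknown users are rejected.
        return ("reject", "no MAC registered for user")
    if mac not in allowed:
        return ("reject", "MAC not registered for this user")
    return ("continue", "MAC matches user")


if __name__ == "__main__":
    # Constructed (User-Name, Calling-Station-Id) pairs.
    for user, csid in [("alice", "00:11:22:33:44:55"),
                       ("alice", "66-77-88-99-AA-BB"),
                       ("bob", "0011.2233.4466"),
                       ("carol", "00-11-22-33-44-55"),
                       ("bob", "")]:
        print(user, repr(csid), check_device(user, csid))
```

The Calling-Station-Id is whatever the NAS reports for the client, so this check ties a credential to an expected device address and is applied in addition to the 802.1X authentication, not in place of it.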